CVE-2026-28804
Denial of Service via /ASCIIHexDecode in pypdf PDF Library
Publication date: 2026-03-06
Last updated on: 2026-03-10
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pypdf_project | pypdf | all versions before 6.7.5 (6.7.5 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-407 | An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to craft a specially designed PDF file that triggers inefficient decoding in the pypdf library. This causes the decoding process to take an excessively long time, leading to long runtimes and potentially degrading the performance of your system or application that processes such PDFs.
The impact is primarily a denial-of-service-like effect where system resources are consumed inefficiently, which could slow down or disrupt normal operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
CVE-2026-28804 is a vulnerability in the pypdf Python library that affects versions prior to 6.7.5. The issue arises when decoding PDF streams that use the /ASCIIHexDecode filter. The previous implementation manually parsed ASCIIHexDecode streams character by character, which was inefficient and could be exploited by an attacker crafting a malicious PDF to cause long runtimes.
This inefficient decoding process leads to excessive processing time, potentially degrading system performance. The vulnerability was fixed by replacing the manual parsing with a more efficient approach using Python's built-in functions, improving performance and maintainability. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves inefficient decoding of PDF streams using the /ASCIIHexDecode filter in the pypdf library prior to version 6.7.5. Detection would involve identifying PDF files processed by vulnerable versions of pypdf that contain streams using the /ASCIIHexDecode filter.
Since the issue causes long runtimes during decoding, monitoring for unusually high CPU or processing time when handling PDF files with pypdf could indicate exploitation.
Specific commands to detect this vulnerability are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the pypdf library to version 6.7.5 or later, where the vulnerability has been patched by improving the ASCIIHexDecode filter's performance.
For users unable to upgrade immediately, applying the changes from pull request #3666 is recommended as a workaround to improve performance and mitigate the vulnerability. [2, 3, 4]
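As an added illustration of the approach described in the explanation and mitigation answers above (example code written for this page, not pypdf's implementation or the code from the pull request), the following shows a single-pass /ASCIIHexDecode decoder built on Python's `binascii` beside a constructed character-by-character baseline with the same semantics. The handling of whitespace, the `>` end-of-data marker and odd digit counts follows the PDF specification for this filter.

```python
import binascii
import re

# PDF whitespace characters allowed between hex digits (NUL, TAB, LF, FF, CR, SPACE).
_WHITESPACE = re.compile(rb"[\x00\t\n\x0c\r ]+")
_EOD = b">"  # end-of-data marker; anything after it is ignored


def ascii_hex_decode(data: bytes) -> bytes:
    """Decode an /ASCIIHexDecode stream with C-level built-ins (linear time).

    Per the PDF spec: whitespace is ignored, '>' ends the data, and an odd
    number of hex digits is treated as if a trailing '0' were present. Any
    other character raises ValueError rather than being skipped silently.
    """
    body = data.split(_EOD, 1)[0]
    digits = _WHITESPACE.sub(b"", body)
    if len(digits) % 2:
        digits += b"0"
    try:
        return binascii.unhexlify(digits)
    except binascii.Error as exc:
        raise ValueError(f"invalid /ASCIIHexDecode data: {exc}") from exc


def naive_ascii_hex_decode(data: bytes) -> bytes:
    """Character-by-character baseline with the same semantics.

    Constructed for comparison only (not pypdf's former code): it walks the
    stream one byte at a time and rebuilds the output buffer on every
    append, so its cost grows much faster than the input size.
    """
    out = b""
    pending = ""
    for ch in data.decode("latin-1"):
        if ch == ">":
            break
        if ch in " \t\r\n\x0c\x00":
            continue
        pending += ch
        if len(pending) == 2:
            out += bytes.fromhex(pending)
            pending = ""
    if pending:
        out += bytes.fromhex(pending + "0")
    return out
```

Timing both functions on the same large stream on a host that processes untrusted PDFs is one way to observe the slow-decoding symptom the detection answer describes.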